topic Re: Flexible-vlan-tagging on multiple ports in Junoshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468068#M15636
<P>Hi Robbert</P>
<P>&nbsp;I see in the modified configuration that you are missing the native-vlan-tagging and the use of vlan 1 instead of 2. Is that expected? Please refer to the below doc for an IRB based configuration</P>
<P><A href="https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf" target="_blank">https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf</A></P>
<P>&nbsp;</P>
<P>Regards</P>
<P>&nbsp;</P>Thu, 12 Sep 2019 23:51:51 GMTshijot2019-09-12T23:51:51ZFlexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/467767#M15592
<P>Hi Guys,</P>
<P>&nbsp;</P>
<P>I have a little bit of a challenge.<BR />On this moment i have 1 port (let say port 0/0/0) configured as flexible-vlan-tagging<BR />This is because my network is untagged but my Wifi AP's are tagged.<BR />Works great but now i want to achieve the following.</P>
<P>&nbsp;</P>
<P>I want to expand this 1 port to 2 ports</P>
<P>So actually a little switch with the Untagged / Tagged Inet Units onto it.</P>
<P>I cannot get this done.</P>
<P>&nbsp;</P>
<P>I can make a little switchgroup (let say port 0/0/1, 0/0/2, 0/0/3) and hardwire port 0/0/0 to 0/0/1 so i have the Inet units on the switch.</P>
<P>&nbsp;</P>
<P>But i think this is not the most beautiful solution. I also lose 2 ports</P>
<P>&nbsp;</P>
<P>I already tried something with vlan interfaces and vlans but then i have to give up a vlan-id and that is the problem. Except my AP's</P>
<P>my devices accept no tags.</P>
<P>&nbsp;</P>
<P>As far as i know Flexible-vlan-tagging is only available on ethernet devices.</P>
<P>&nbsp;</P>
<P>Below is a snippet of my current config.</P>
<P>&nbsp;</P>
<PRE>interfaces {
fe-0/0/7 {
flexible-vlan-tagging;
native-vlan-id 2;
unit 0 {
vlan-id 2;
family inet {
address 192.168.2.254/24;
}
}
unit 10 {
vlan-id 10;
family inet {
address 192.168.10.254/24;
}
}
}
}
</PRE>
<P>Below is a piece of config what isn't working</P>
<P>&nbsp;</P>
<PRE>interfaces {
interface-range switch {
member-range fe-0/0/4 to fe-0/0/7;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ default kids ];
}
}
}
}
vlan {
unit 1 {
family inet {
address 192.168.2.254/24;
}
}
unit 10 {
family inet {
address 192.168.10.254/24;
}
}
}
}
security {
zones {
security-zone Data {
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
vlan.1;
}
}
}
}
vlans {
default {
vlan-id 1;
l3-interface vlan.1;
}
kids {
vlan-id 10;
l3-interface vlan.10;
}
}</PRE>
<P>I hope somebody can put me in the right direction.</P>
<P>&nbsp;</P>
<P>Regards,</P>
<P>&nbsp;</P>
<P>Robbert</P>Sun, 08 Sep 2019 19:18:49 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/467767#M15592robbert19792019-09-08T19:18:49ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468055#M15630
<P>Hi,</P>
<P>&nbsp;</P>
<P>Your problem is not very clear to me, kindly rephrase it.</P>
<P>//Regards</P>
<P>AD</P>
<P>&nbsp;</P>Thu, 12 Sep 2019 20:43:48 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468055#M15630adwivedi2019-09-12T20:43:48ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468056#M15631
<P>Hi Adwivedi,</P>
<P>&nbsp;</P>
<P>I have an SRX240</P>
<P>my environment accept no vlan tags except for my AP's</P>
<P>They are connected on the same wiring.</P>
<P>So i have to use flexible-vlan-tagging</P>
<P>&nbsp;</P>
<P>When i just have 1 port for example ge-0/0/0 i can set flexible-vlan-tagging and native-vlan</P>
<P>So everything without any tag is on the native vlan and everything with a tag is on the corresponding vlan.</P>
<P>&nbsp;</P>
<P>So actually i want this</P>
<P>&nbsp;</P>
<PRE>interfaces {
ge-0/0/0 {
flexible-vlan-tagging;
native-vlan-id 2;
unit 0 {
vlan-id 2;
family inet {
address 192.168.2.254/24;
}
}
unit 10 {
vlan-id 10;
family inet {
address 192.168.10.254/24;
}
}
}
}</PRE>
<P>but i want it reachable over multiple ports (ge-0/0/0 and ge-0/0/1)</P>
<P>So actually i want to create a little switch of 2 ports and assign this config to it.</P>
<P>&nbsp;</P>
<P>What i have working now as a workaround is</P>
<P>&nbsp;</P>
<P>port ge-0/0/0 configured as above</P>
<P>port ge-0/0/1, ge-0/0/2 and ge-0/0/3 as family ethernet-switching</P>
<P>a short patchcable between ge-0/0/0 and ge-0/0/1</P>
<P>&nbsp;</P>
<P>so port ge-0/0/2 and port ge-0/0/3 can reach the untagged and tagged vlans because it is just a little switch.</P>
<P>&nbsp;</P>
<P>But now i throw away 2 ports so i want to get rid of the patchcable.</P>
<P>&nbsp;</P>
<P>&nbsp;</P>Thu, 12 Sep 2019 21:09:04 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468056#M15631robbert19792019-09-12T21:09:04ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468068#M15636
<P>Hi Robbert</P>
<P>&nbsp;I see in the modified configuration that you are missing the native-vlan-tagging and the use of vlan 1 instead of 2. Is that expected? Please refer to the below doc for an IRB based configuration</P>
<P><A href="https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf" target="_blank">https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf</A></P>
<P>&nbsp;</P>
<P>Regards</P>
<P>&nbsp;</P>Thu, 12 Sep 2019 23:51:51 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468068#M15636shijot2019-09-12T23:51:51ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468095#M15645
<P>&nbsp;Hi Shijot,</P>
<P>&nbsp;</P>
<P>I don't really understand what you mean with "<SPAN>I see in the modified configuration that you are missing the native-vlan-tagging and the use of vlan 1 instead of 2. Is that expected?</SPAN>"</P>
<P>What block of code are you referring to?</P>
<P>&nbsp;</P>
<P>I will take a look to irb again but i already tried to achieve this with an irb interface and a vlan interface.<BR />The problem is that flexible-vlan-tagging is not allowed on vlan or irb interfaces.</P>
<P>&nbsp;</P>
<P>Maybe i don't have to use flexible-vlan-tagging at all but that is how i achieved it now.</P>
<P>Is there another way to mix the use of vlan tags and untagged traffic on the same interface.</P>
<P>&nbsp;</P>
<P>Regards,</P>
<P>&nbsp;</P>
<P>Robbert</P>Fri, 13 Sep 2019 08:42:20 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468095#M15645robbert19792019-09-13T08:42:20ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468132#M15653
<P>Hi Robert</P>
<P>Vlan tagging on the irb is not needed. Please refer "Routing Traffic between VLANs" in the doc below</P>
<P><A href="https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf" target="_blank">https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf</A></P>
<P>&nbsp;</P>
<P>I was earlier referring to the native-vlan-id in the configuration below</P>
<PRE>interfaces {
fe-0/0/7 {
flexible-vlan-tagging;
native-vlan-id 2; &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;
unit 0 {
vlan-id 2;</PRE>
<P>&nbsp; If this is correctly addressed, please check the security policy also.</P>Fri, 13 Sep 2019 19:05:56 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468132#M15653shijot2019-09-13T19:05:56ZRe: Flexible-vlan-tagging on multiple portshttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468134#M15655
<P>Hi Shijot,</P>
<P>&nbsp;</P>
<P>It has nothing to do with policy's for now.</P>
<P>I can't even commit my config when i'm trying something else with flexible-vlan-tagging in combination with irb or vlan interfaces.</P>
<P>&nbsp;</P>
<P>It is in theory really simple what i want to achieve.</P>
<P>I want the config as below but on multiple ports on the srx.</P>
<P>So the srx is actually a little switch with some l3 adresses on it.</P>
<P>&nbsp;</P>
<P>I could connect a switch to port ge-0/0/0 to achieve the same but i don't want to use an extra switch because i have plenty of free ports on the SRX</P>
<P>&nbsp;</P>
<P>I also could make a little interfacegroup of type ethernet-switching and connect a cable from ge-0/0/0 to that interfacegroup but then i'm losing 2 ports.</P>
<P>&nbsp;</P>
<P>I just want this config on 2 or more ports <img id="smileywink" class="emoticon emoticon-smileywink" src="https://forums.juniper.net/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /></P>
<P>It would be really simple if all my traffic was tagged but unfortunately it isn't what makes it more difficult in my opinion.</P>
<P>&nbsp;</P>
<PRE>interfaces {
ge-0/0/0 {
flexible-vlan-tagging;
native-vlan-id 2;
unit 0 {
vlan-id 2;
family inet {
address 192.168.2.254/24;
}
}
unit 10 {
vlan-id 10;
family inet {
address 192.168.10.254/24;
}
}
}
}</PRE>
<P>Attached a image how i fixed it for now</P>
<P>ge-0/0/0 is the interface configured as above</P>
<P>ge-0/0/4&nbsp;ge-0/0/5 ge-0/0/6 ge-0/0/7 is configured as below</P>
<P>&nbsp;</P>
<PRE>interface-range switch {
member-range ge-0/0/4 to ge-0/0/7;
unit 0 {
family ethernet-switching;
}
}
</PRE>
<P>so with the little patchcable port&nbsp;ge-0/0/4&nbsp;ge-0/0/5 ge-0/0/6 ge-0/0/7 is connected to port ge-0/0/0</P>
<P>&nbsp;</P>
<P>This is the situation i want to have but without the little patchcable <img id="smileywink" class="emoticon emoticon-smileywink" src="https://forums.juniper.net/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /></P>
<P>&nbsp;</P>
<P>I hope this clarify my problem.</P>
<P>&nbsp;</P>
<P>Regards,</P>
<P>&nbsp;</P>
<P>Robbert</P>Fri, 13 Sep 2019 19:31:59 GMThttps://forums.juniper.net/t5/Junos/Flexible-vlan-tagging-on-multiple-ports/m-p/468134#M15655robbert19792019-09-13T19:31:59Z